go fmt
...and minimal comment changes.
parent
8518d6d7bd
commit
00a712b4d1
@ -24,7 +24,7 @@ type CryptFS struct {
|
|||||||
plainBS uint64
|
plainBS uint64
|
||||||
cipherBS uint64
|
cipherBS uint64
|
||||||
// Stores an all-zero block of size cipherBS
|
// Stores an all-zero block of size cipherBS
|
||||||
allZeroBlock []byte
|
allZeroBlock []byte
|
||||||
// DirIV cache for filename encryption
|
// DirIV cache for filename encryption
|
||||||
DirIVCacheEnc DirIVCache
|
DirIVCacheEnc DirIVCache
|
||||||
}
|
}
|
||||||
@ -53,11 +53,11 @@ func NewCryptFS(key []byte, useOpenssl bool, plaintextNames bool) *CryptFS {
|
|||||||
cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN
|
cipherBS := DEFAULT_PLAINBS + NONCE_LEN + AUTH_TAG_LEN
|
||||||
|
|
||||||
return &CryptFS{
|
return &CryptFS{
|
||||||
blockCipher: b,
|
blockCipher: b,
|
||||||
gcm: gcm,
|
gcm: gcm,
|
||||||
plainBS: DEFAULT_PLAINBS,
|
plainBS: DEFAULT_PLAINBS,
|
||||||
cipherBS: uint64(cipherBS),
|
cipherBS: uint64(cipherBS),
|
||||||
allZeroBlock: make([]byte, cipherBS),
|
allZeroBlock: make([]byte, cipherBS),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -86,7 +86,7 @@ func (be *CryptFS) DecryptBlock(ciphertext []byte, blockNo uint64, fileId []byte
|
|||||||
}
|
}
|
||||||
|
|
||||||
// encryptBlock - Encrypt and add IV and MAC
|
// encryptBlock - Encrypt and add IV and MAC
|
||||||
func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte) []byte {
|
func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileID []byte) []byte {
|
||||||
|
|
||||||
// Empty block?
|
// Empty block?
|
||||||
if len(plaintext) == 0 {
|
if len(plaintext) == 0 {
|
||||||
@ -96,10 +96,12 @@ func (be *CryptFS) EncryptBlock(plaintext []byte, blockNo uint64, fileId []byte)
|
|||||||
// Get fresh nonce
|
// Get fresh nonce
|
||||||
nonce := gcmNonce.Get()
|
nonce := gcmNonce.Get()
|
||||||
|
|
||||||
// Encrypt plaintext and append to nonce
|
// Authenticate block with block number and file ID
|
||||||
aData := make([]byte, 8)
|
aData := make([]byte, 8)
|
||||||
binary.BigEndian.PutUint64(aData, blockNo)
|
binary.BigEndian.PutUint64(aData, blockNo)
|
||||||
aData = append(aData, fileId...)
|
aData = append(aData, fileID...)
|
||||||
|
|
||||||
|
// Encrypt plaintext and append to nonce
|
||||||
ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData)
|
ciphertext := be.gcm.Seal(nonce, nonce, plaintext, aData)
|
||||||
|
|
||||||
return ciphertext
|
return ciphertext
|
||||||
|
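Review bot: The new comment `// Authenticate block with block number and file ID` in the second hunk of this section does not record the byte layout of the associated data, which the decrypting side has to rebuild exactly for the GCM tag to verify; I would write `// aData = 8-byte big-endian blockNo || fileID; binds the block to its position and file` there. The doc comment in the first hunk still names `encryptBlock` although the method is exported as `EncryptBlock`, so `// EncryptBlock - Encrypt and add IV and MAC` would match the declaration. The rename to `fileID` touches only EncryptBlock here, while the DecryptBlock signature shown in the first hunk header still reads `fileId`, so the two methods appear to be left inconsistent. Because `be.gcm.Seal(nonce, nonce, plaintext, aData)` appends its output to the nonce slice, a short comment that `gcmNonce.Get()` is expected to return a fresh, never-reused slice on every call would also help; its definition is outside this section, as are the body of DecryptBlock and the end of EncryptBlock.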
@ -3,15 +3,15 @@
|
|||||||
package cryptfs
|
package cryptfs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"crypto/cipher"
|
"crypto/cipher"
|
||||||
|
"fmt"
|
||||||
)
|
)
|
||||||
|
|
||||||
// goGCMWrapper - This wrapper makes sure gocryptfs can be compiled on Go
|
// goGCMWrapper - This wrapper makes sure gocryptfs can be compiled on Go
|
||||||
// versions 1.4 and lower that lack NewGCMWithNonceSize().
|
// versions 1.4 and lower that lack NewGCMWithNonceSize().
|
||||||
// 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when
|
// 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when
|
||||||
// compiled on 1.4.
|
// compiled on 1.4.
|
||||||
func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error){
|
func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error) {
|
||||||
if nonceSize != 12 {
|
if nonceSize != 12 {
|
||||||
Warn.Printf("128 bit GCM IVs are not supported by Go 1.4 and lower.\n")
|
Warn.Printf("128 bit GCM IVs are not supported by Go 1.4 and lower.\n")
|
||||||
Warn.Printf("Please use openssl crypto or recompile using a newer Go runtime.\n")
|
Warn.Printf("Please use openssl crypto or recompile using a newer Go runtime.\n")
|
||||||
|
@ -10,6 +10,6 @@ import (
|
|||||||
// versions 1.4 and lower that lack NewGCMWithNonceSize().
|
// versions 1.4 and lower that lack NewGCMWithNonceSize().
|
||||||
// 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when
|
// 128 bit GCM IVs will not work when using built-in Go crypto, obviously, when
|
||||||
// compiled on 1.4.
|
// compiled on 1.4.
|
||||||
func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error){
|
func goGCMWrapper(bc cipher.Block, nonceSize int) (cipher.AEAD, error) {
|
||||||
return cipher.NewGCMWithNonceSize(bc, nonceSize)
|
return cipher.NewGCMWithNonceSize(bc, nonceSize)
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
package cryptfs
|
package cryptfs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
"encoding/json"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type logChannel struct {
|
type logChannel struct {
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
package cryptfs
|
package cryptfs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/binary"
|
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
|
"encoding/binary"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"fmt"
|
"fmt"
|
||||||
)
|
)
|
||||||
|
@ -104,7 +104,7 @@ func TestInitPlaintextNames(t *testing.T) {
|
|||||||
if err == nil {
|
if err == nil {
|
||||||
t.Errorf("gocryptfs.diriv should not have been created with -plaintextnames")
|
t.Errorf("gocryptfs.diriv should not have been created with -plaintextnames")
|
||||||
}
|
}
|
||||||
_, cf, err := cryptfs.LoadConfFile(dir + cryptfs.ConfDefaultName, "test")
|
_, cf, err := cryptfs.LoadConfFile(dir+cryptfs.ConfDefaultName, "test")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -1,13 +1,13 @@
|
|||||||
package integration_tests
|
package integration_tests
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"syscall"
|
|
||||||
"crypto/md5"
|
"crypto/md5"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
"syscall"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/rfjakob/gocryptfs/cryptfs"
|
"github.com/rfjakob/gocryptfs/cryptfs"
|
||||||
@ -143,7 +143,7 @@ func testMkdirRmdir(t *testing.T, plainDir string) {
|
|||||||
if errno != syscall.ENOTEMPTY {
|
if errno != syscall.ENOTEMPTY {
|
||||||
t.Errorf("Should have gotten ENOTEMPTY, go %v", errno)
|
t.Errorf("Should have gotten ENOTEMPTY, go %v", errno)
|
||||||
}
|
}
|
||||||
if syscall.Unlink(dir + "/file") != nil {
|
if syscall.Unlink(dir+"/file") != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
if syscall.Rmdir(dir) != nil {
|
if syscall.Rmdir(dir) != nil {
|
||||||
@ -164,8 +164,8 @@ func testMkdirRmdir(t *testing.T, plainDir string) {
|
|||||||
|
|
||||||
// Create and rename a file
|
// Create and rename a file
|
||||||
func testRename(t *testing.T, plainDir string) {
|
func testRename(t *testing.T, plainDir string) {
|
||||||
file1 := plainDir+"rename1"
|
file1 := plainDir + "rename1"
|
||||||
file2 := plainDir+"rename2"
|
file2 := plainDir + "rename2"
|
||||||
err := ioutil.WriteFile(file1, []byte("content"), 0777)
|
err := ioutil.WriteFile(file1, []byte("content"), 0777)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
|
@ -333,7 +333,6 @@ func TestRename(t *testing.T) {
|
|||||||
testRename(t, defaultPlainDir)
|
testRename(t, defaultPlainDir)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Overwrite an empty directory with another directory
|
// Overwrite an empty directory with another directory
|
||||||
func TestDirOverwrite(t *testing.T) {
|
func TestDirOverwrite(t *testing.T) {
|
||||||
dir1 := defaultPlainDir + "DirOverwrite1"
|
dir1 := defaultPlainDir + "DirOverwrite1"
|
||||||
|
@ -261,7 +261,6 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) {
|
|||||||
cryptfs.Debug.Printf("len(oldData)=%d len(blockData)=%d\n", len(oldData), len(blockData))
|
cryptfs.Debug.Printf("len(oldData)=%d len(blockData)=%d\n", len(oldData), len(blockData))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write
|
|
||||||
blockOffset, blockLen := b.CiphertextRange()
|
blockOffset, blockLen := b.CiphertextRange()
|
||||||
blockData = f.cfs.EncryptBlock(blockData, b.BlockNo, f.header.Id)
|
blockData = f.cfs.EncryptBlock(blockData, b.BlockNo, f.header.Id)
|
||||||
cryptfs.Debug.Printf("ino%d: Writing %d bytes to block #%d, md5=%s\n",
|
cryptfs.Debug.Printf("ino%d: Writing %d bytes to block #%d, md5=%s\n",
|
||||||
@ -276,6 +275,8 @@ func (f *file) doWrite(data []byte, off int64) (uint32, fuse.Status) {
|
|||||||
status = fuse.ToStatus(err)
|
status = fuse.ToStatus(err)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Write
|
||||||
f.fdLock.Lock()
|
f.fdLock.Lock()
|
||||||
_, err = f.fd.WriteAt(blockData, int64(blockOffset))
|
_, err = f.fd.WriteAt(blockData, int64(blockOffset))
|
||||||
f.fdLock.Unlock()
|
f.fdLock.Unlock()
|
||||||
|
@ -244,8 +244,6 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f
|
|||||||
return string(target), fuse.OK
|
return string(target), fuse.OK
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) {
|
func (fs *FS) Unlink(path string, context *fuse.Context) (code fuse.Status) {
|
||||||
if fs.isFiltered(path) {
|
if fs.isFiltered(path) {
|
||||||
return fuse.EPERM
|
return fuse.EPERM
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
package pathfs_frontend
|
package pathfs_frontend
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"syscall"
|
"syscall"
|
||||||
"fmt"
|
|
||||||
|
|
||||||
"github.com/hanwen/go-fuse/fuse"
|
"github.com/hanwen/go-fuse/fuse"
|
||||||
"github.com/rfjakob/gocryptfs/cryptfs"
|
"github.com/rfjakob/gocryptfs/cryptfs"
|
||||||
@ -85,7 +85,7 @@ func (fs *FS) Rmdir(name string, context *fuse.Context) (code fuse.Status) {
|
|||||||
cryptfs.Debug.Printf("Rmdir: Chmod failed: %v\n", err2)
|
cryptfs.Debug.Printf("Rmdir: Chmod failed: %v\n", err2)
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
defer func () {
|
defer func() {
|
||||||
if code != fuse.OK {
|
if code != fuse.OK {
|
||||||
// Undo the chmod if removing the directory failed
|
// Undo the chmod if removing the directory failed
|
||||||
err3 := os.Chmod(encPath, origMode)
|
err3 := os.Chmod(encPath, origMode)
|
||||||
|
@ -24,7 +24,6 @@ func (fs *FS) isFiltered(path string) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// encryptPath - encrypt relative plaintext path
|
// encryptPath - encrypt relative plaintext path
|
||||||
func (fs *FS) encryptPath(plainPath string) (string, error) {
|
func (fs *FS) encryptPath(plainPath string) (string, error) {
|
||||||
if fs.args.PlaintextNames {
|
if fs.args.PlaintextNames {
|
||||||
|